Your Conficker To-Do List

Worried about Wednesday's Conficker update? Here are eight action items that will help you weather the potential storm.

Unless you're living in a cave, by now you've heard that a worm known as Conficker (or Downadup, or Kido) has infested computer systems around the world, and that it will do something April 1st, though nobody knows exactly what. How can you be sure your computer doesn't become a casualty? Here are eight action itemsthings you can do yourself to weather the potential storm.

Double-check Windows Update
The worm weasels into computer systems through a Windows vulnerability that was patched last October, and once in place it interferes with the Windows Update system, to protect itself. So, verify that your system is up to date. XP users should launch Internet Explorer (no other browser will do), visit www.windowsupdate.com, and click the "Review your update history" link. Vista users should launch Windows Update from the Start menu and click the "View update history" link. In particular, you want to see KB958644 in the listthat's Conficker's entry point. If your latest update is any older than March 2009, that's not good. Go back to the main Windows Update page and install all critical and security updates.

Turn Off AutoRun
Sure, it's convenient that CDs and DVDs automatically launch their programs when you put them in. You may even be happy to see the window that asks what you want to do when you insert a USB key. But Conficker and other worms subvert this handy feature to spread their infestation. Use a Conficker-tainted USB key to share pictures or music with a friend, and you're sharing the malware, too. The feature's convenience just isn't worth that risk. Here are instructions to turn off AutoRun.

Update Your Protection
It goes without saying that you should always keep your security software and malware definitions up to date. Don't just rely on automatic updates, as the worm has been known to interfere with these. Dig into your security software and manually launch an update, then watch to make sure it completes the process successfully. Now launch a full system scan.

Get a Second Opinion
Your security software can probably handle the Conficker worm, but why take a risk? Visit the Conficker Working Group's Repair Tools page to find the latest collection of threat-specific cleanup tools. At present, this page links to tools from AhnLab, ESET, Kaspersky, F-Secure Malware Removal Tool, McAfee, Microsoft, Sophos, Symantec, and TrendMicro. Run one or more of these to verify that your system is clean.

Check Your Servers
Conficker also attacks network shares using what's called a dictionary attack. It tries to gain Administrator access using a bunch of common passwords and often lucks out. If you're responsible for a network, whether it's an office or home network, check all of the network shares and make sure they're protected with a strong password. While you're at it, check the root folder of each drive for the presence of an AUTORUN.INF file or any unrecognized softwarethese are clues that Conficker is already in residence.

Inoculate Your Servers
Products like Faronics Anti-Executable prevent the launch of any program that's not pre-approved. On an individual workstation where installing new software is common, this kind of program can prove annoying, but server configuration is much slower to change. It's a little late to apply this kind of program-whitelist protection now, but going forward you'll want to consider it for your servers. When no unapproved program is allowed to launch, it doesn't matter how cleverly malware morphsit's powerless.

Back Up, Back Up, Back Up
Conficker isn't the only possible threat to your important data: Your computer could fail; thugs could steal it; a car might drive through your office wall and flatten it. If you have a backup system in place, make sure that it's operational and that you have a recent full backup. If not, get yourself a high-capacity USB drive and copy all your most essential files onto it. (After making sure you've disabled AutoRun as described above, of course.)

Scared? Hide Under the Covers
Does the fact that Conficker's final aim is unknown give you the willies? Are you shaking with worry that a hitherto-unknown "D" variant will show up tomorrow and zap your computer? OK, it's not very likely, but if you're concerned, take a day off from the Internet! Unplug the network cables from your computers, disable the wireless connections, and spend the day working on local documents or revisiting your favorite pre-Internet games.

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips...
More »